Cybercrime During Economic Downturns

Cybercrime during economic downturns

The Economic Climate & its Impact on Cybersecurity

Increased cybercrime during economic downturns is inevitable, and brings a host of challenges for businesses worldwide. History has shown that during such periods, companies often make drastic cuts to their budgets, with areas like IT and cybersecurity also being affected. This creates vulnerabilities that cybercriminals are quick to exploit. To this point, a study by Bridewell, cites that 34% of organizations across the UK’s critical national infrastructure expect to see an increase in cyberattacks as a result of the current economic crisis.

Why Do Cyberattacks Spike During Financial Downturns?

It’s a multi-faceted issue. Firstly, businesses tend to cut costs in areas deemed non-essential, often affecting cybersecurity infrastructure and training. Moreover, layoffs during struggling economies can mean fewer personnel to manage and monitor IT systems, leading to security gaps. Criminals groups, well aware of these vulnerabilities, escalate their activities, seeking to capitalize on weakened security postures.

The Cost of Cybercrime in a Fragile Economy

Recessions are tough enough on their own, but when combined with the financial burdens of a cyberattack, the effects can be devastating. The average cost of a data breach is already sitting at a hefty $4.45 million. For companies already struggling with economic downturns, such financial hits can be the final blow, leading to bankruptcy or severe reputational damage.

Industries Most at Risk During Financial Crises

During economic downturns, certain industries inherently face a more challenging operational environment, making them attractive targets for cybercriminals.

Financial Services

With an uptick in customers concerned about their investments and seeking loan accommodations, these institutions see increased online traffic. This surge can be exploited by attackers to hide malicious activities amidst the flurry of genuine transactions. Additionally, financial desperation might make employees more susceptible to bribery or internal fraud.


In recessionary times, the healthcare sector can find itself overwhelmed. Not only do they grapple with strained resources, but they also face a rise in patients transitioning to digital health platforms. Cybercriminals can capitalize on this by deploying fake telehealth platforms, luring patients with discounted services, only to compromise their health data.

Other notable trends include medical phishing scams where attackers pose as health insurers or pharmacies to extract sensitive information, taking advantage of patients’ quests for affordable treatments.


The interconnected nature of modern manufacturing, often termed as Industry 4.0, means a cyber incident can halt production lines, disrupt supply chains, and even cause physical damage. During economic downturns, to cut costs, some manufacturers might delay necessary security updates or overlook security training, making them low-hanging fruits for threat actors.

Government Services

Economic crises put pressure on government bodies as they work to implement relief measures, manage public unrest, and maintain essential services. This can lead to a swift digitization of services without adequate cybersecurity measures in place. Public data becomes more accessible and, hence, a lucrative target.

Retail and E-Commerce

Tough economies often prompt a shift in consumer behavior. While in-store purchases might decline, online shopping can rise as customers hunt for bargains. Such uptrends become treasure troves for cybercriminals. For instance, they may target popular shopping events like Black Friday sales, with fake websites to phish unsuspecting shoppers. Additionally, as retailers extend or adjust their supplier networks to cut costs, attackers find more entry points to exploit.

The Lifeline: Multi-Layered Cybersecurity Strategies

When the stakes are higher than ever, businesses can’t afford to take chances. This’s where a multi-layered cybersecurity approach comes into play:

Network Access Control (NAC): This is an essential component of any cybersecurity strategy. NAC solutions allow businesses to define who or what can access their networks. By determining and enforcing policies on which devices or users can access the network, it reduces the potential attack vectors, essentially closing the door to many potential threats.

Passwordless Authentication: As the name suggests, this approach does away with passwords, which have long been a weak link in the security chain. Instead, passwordless authentication uses more secure methods like certificates, biometrics or hardware tokens. By eliminating the risks associated with weak or stolen passwords, businesses can further bolster their defenses.

Regular Training & Simulations: One of the most common ways cybercriminals access systems is through human error. Regular training ensures that employees recognize and avoid threats. Simulated phishing attacks, for instance, can prepare staff for real-world scenarios.

Software Updates: Keeping all software, especially software, up-to-date is critical. These updates often contain patches for known vulnerabilities that criminals could exploit.

Backup, Backup, Backup: Having a robust backup ensures that, even if data is compromised, it can be restored without paying ransoms or losing critical information.

Combatting Cybercrime During Economic Downturns

The ripples of economic downturns touch every corner of the business world, including the cybersecurity landscape. Increased cybercrime during economic downturns offer a stark reminder that as threats evolve, our defenses should as well. By understanding these dynamics, and adopting a multi-layered security approach, businesses have a fighting chance to weather the storm, both financially and digitally.

Try Portnox Cloud for Free Today

Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!